在web.xml中的url-pattern中指定GET参数。这可能吗?

时间:2013-09-26 14:37:41

标签: security web.xml

我正在尝试根据传入的GET参数过滤网址。以下是否支持?基本上URL过滤是否对传入的参数起作用?我正在尝试/支持经过身份验证但不支持/支持?immediate = true。

       <security-constraint>
                <web-resource-collection>
                    <web-resource-name>Exceptions</web-resource-name>
                        <url-pattern>/watchdog</url-pattern> 
                        <url-pattern>/version.xml</url-pattern>             
                        <url-pattern>/files/dist/gui*</url-pattern> 
                        <url-pattern>/support?immediate=true</url-pattern> <----is this supported?
                        <url-pattern>/majorversion</url-pattern> 
                        <url-pattern>/services/*</url-pattern>              
                        <url-pattern>/remoting/*</url-pattern>  
                        <url-pattern>/alarm.vmsg</url-pattern>              
                        <url-pattern>/event.vmsg</url-pattern>  
                        <url-pattern>/fault.vmsg</url-pattern>  
                        <url-pattern>/jsp/style.css</url-pattern>
                        <url-pattern>/style.css</url-pattern>               
                    </web-resource-collection>
                <user-data-constraint>
                    <transport-guarantee>NONE</transport-guarantee>
                </user-data-constraint>
            </security-constraint>


    <security-constraint>
        <web-resource-collection>
            <web-resource-name>All Access is restricted</web-resource-name>
            <url-pattern>/*</url-pattern>                   
        </web-resource-collection>
        <auth-constraint>
            <role-name>user</role-name>
        </auth-constraint>

        <user-data-constraint>
            <!-- transport-guarantee can be CONFIDENTIAL, INTEGRAL, or NONE -->
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>Server</realm-name>
    </login-config>

    <security-role>
        <role-name>user</role-name>
    </security-role>

1 个答案:

答案 0 :(得分:0)

你不能,它必须在你的servlets源代码上实现。